Closed Bug 1483552 Opened 6 years ago Closed 6 years ago

Async Clipboard: readText should not be exposed to the web content (limit it only to WebExtensions)

Categories

(Core :: DOM: Core & HTML, defect, P2)

Product:
Core
Component:
DOM: Core & HTML
Version:
63 Branch
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla65
Tracking Flags:
Tracking Status
firefox-esr60 --- unaffected
firefox63 + wontfix
firefox64 + fixed
firefox65 + fixed

People

(Reporter: myakura, Assigned: annyG)

References

Details

Attachments

(1 file, 2 obsolete files)

Bug 1483552 - Disable Clipboard.readText outside of system/extension code,
46 bytes, text/x-phabricator-request
RyanVM
: approval-mozilla-beta+
pascalc
: approval-mozilla-release-
Details | Review
User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:63.0) Gecko/20100101 Firefox/63.0 Build ID: 20180813100104 Steps to reproduce: 1. open console 2. type in `'readText' in navigator.clipboard` and check out it returns true 3. go to https://myakura.github.io/samples/async-clipboard/readtext-1.html 4. copy some text to the clipboard, then hit the "Paste" button Actual results: paste should succeed. Expected results: paste fails, and we don't have any clue. I saw on the Intent thread that readText() is enabled only in WebExtensions. https://groups.google.com/d/msg/mozilla.dev.platform/ef7O7PrmNh0/qy8k9HDjCQAJ I couldn't find any source whether it is true or not. However, given that paste fails, I suspect so. Then please don't expose it in the web content. Do so only in WebExtensions. Making features available-but-always-fail doesn't sound a great idea. I wrote the following in the demo code. ``` // disable button if we don't have that functionality if (!('clipboard' in navigator && 'readText' in navigator.clipboard)) { pasteButton.disabled = true; pasteButton.title("Use Ctrl/Cmd+V to paste manually."); } ``` In Firefox, the button isn't became disabled despite the fact readText() always fails. It just confuses people. Please please make it invisible unless you intend to make it work on the web as well.
Component: Untriaged → DOM: Core & HTML
Product: Firefox → Core
Blocks: 1479935
Priority: -- → P2
Assignee: nobody → annygakhokidze
[Tracking Requested - why for this release]: Shouldn't this have been fixed for 63?
tracking-firefox63: --- → ?
tracking-firefox64: --- → ?
(In reply to Olli Pettay [:smaug] from comment #2) > [Tracking Requested - why for this release]: > Shouldn't this have been fixed for 63? Do you consider that bug important enough to uplift a patch fixing this bug in a 63 dot release if we have one?
Status: UNCONFIRMED → ASSIGNED
status-firefox63: --- → affected
status-firefox64: --- → affected
status-firefox65: --- → affected
status-firefox-esr60: --- → unaffected
Ever confirmed: true
Flags: needinfo?(bugs)
That is really a question for nika. Are we going to ship broken API?
Flags: needinfo?(bugs) → needinfo?(nika)
How about removing the paragraph announcing that we support this API in https://developer.mozilla.org/en-US/docs/Mozilla/Firefox/Releases/63#APIs as a short term mitigation? (we ship 63 in less than 2 hours)
(In reply to Olli Pettay [:smaug] from comment #4) > That is really a question for nika. > Are we going to ship broken API? I'm not sure this is important enough to do a dot-release on. The bug here is that we expose a function to content JS which will unconditionally fail when called, and the worst-case scenario here is a program using feature-detection will try to call it to trigger a permission prompt, which we won't show. Chromium also exposes this API to content JS but provides a permission prompt to actually allow access which we do not. Potentially if we get a patch here we could uplift it, especially if there are webcompat issues (which I doubt right now). I'll whip together a minimal patch just in case.
Flags: needinfo?(nika)
Attachment #9019882 - Attachment is obsolete: true
Tracking for potential web compat regressions in 63.
tracking-firefox63: ?+
Attachment #9004782 - Attachment is obsolete: true
Pushed by nlayzell@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/34aacac44c01 Disable Clipboard.readText outside of system/extension code, r=baku
Comment on attachment 9019881 [details] Bug 1483552 - Disable Clipboard.readText outside of system/extension code, [Beta/Release Uplift Approval Request] Feature/Bug causing the regression: Bug 1479935 User impact if declined: Clipboard.readText API exposed to web content which will always resolve with a rejection. Is this code covered by automated tests?: Yes Has the fix been verified in Nightly?: Yes Needs manual test from QE?: No If yes, steps to reproduce: List of other uplifts needed: None Risk to taking this patch: Low Why is the change risky/not risky? (and alternatives if risky): Minor change to enabled condition. String changes made/needed: None.
Attachment #9019881 - Flags: approval-mozilla-release?
Attachment #9019881 - Flags: approval-mozilla-beta?
Comment on attachment 9019881 [details] Bug 1483552 - Disable Clipboard.readText outside of system/extension code, [Triage Comment] Approved for 64.0b5.
Attachment #9019881 - Flags: approval-mozilla-beta? → approval-mozilla-beta+
https://hg.mozilla.org/mozilla-central/rev/34aacac44c01
Status: ASSIGNED → RESOLVED
Closed: 6 years ago
status-firefox65: affectedfixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla65
Comment on attachment 9019881 [details] Bug 1483552 - Disable Clipboard.readText outside of system/extension code, Given that the impact to end-users seems minimal if any and that we are a month away from 64 which has the patch, I am not taking the patch into our next 63 dot release. Thanks!
Attachment #9019881 - Flags: approval-mozilla-release? → approval-mozilla-release-
See Also: → 1578321
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: